5

Configuring fail2ban With SquirrelMail On CentOS 5.3/ISPConfig 3

view full story
linux-howto

http://howtoforge.com – Configuring fail2ban With SquirrelMail On CentOS 5.3/ISPConfig 3 This tutorial shows how you can prevent unlimited login attempts and hence brute force attacks against your SquirrelMail web login by using fail2ban. (HowTos)

linuxgeek's picture
Submitted by linuxgeek on 08/11/2009 – Made popular on 08/11/2009

Stories similar to Configuring fail2ban With SquirrelMail On CentOS 5.3/ISPConfig 3

Configuring fail2ban With SquirrelMail On Debian Lenny 5.0/ISPConfig 3

In this article I will show how to prevent brute force attacks with Fail2ban against your SquirrelMail Web login using the Squirrel Logger plugin.

Changing From SquirrelMail To RoundCube On Your ISPConfig3 Server

This tutorial has been created for those who have installed The Perfect Server - CentOS 5.4 x86_64 [ISPConfig 3] and do not like SquirrelMail as webmail client. Here’s a guide to replace SquirrelMail with RoundCube, which is more visually attractive and easier to manage for our clients.

Using Fail2ban To Block Wrong ISPConfig Logins In this tutorial, we'll write an ISPConfig plugin to log failed logins to syslog, filter those entries using rsyslogd and add a fail2ban rule to block malicious users' IPs.

Fail2ban doesn't ban anyone... 1 year 42 weeks ago

Fail2ban doesn't ban anyone...I folowed this guide to configure fail2ban with Squirrelmail.

I have a fail2ban configured like below:

block the ip after 3 failed attempts release the IP after 300 sec timeout

This works perfectly and I want to keep it this way such that a valid user gets a chance to retry the login after the timeout.

As title...I always used fail2ban without problem with CentOS 5.6 or earlier but now with CentOS 6I'm not able to make fail2ban works well.Rules are written ok, l... [by sblantipodi]

We've been using fail2ban to block failed ssh attempts. I would like to setup the same thing for phpMyAdmin as well.

As phpMyAdmin doesn't log authentication attempts to a file (that I know of), I'm unsure of how best to go about this.

Does a plugin / config exist that makes phpMyAdmin log authentication attempts to a file? Or is there some other place I should look for such an activity log?

This is my improvised solution for listing ssh failed usernames in notification email subject. I thought that it is useful for quickly check which username is used in ssh brute force attacks.(see first line after actionban)

I'm sure that the code isn't good and which can be written better!

The code is based from: /etc/fail2ban/action.d/sendmail-whois-lines.conf

[Definition]

actionban = printf

Hello,

I installed Fail2Ban on Ubuntu 8.04 LTS from the packages. If I recall correctly, Fail2Ban 0.8.2 is in the packages.

Every time, a log rotation is detected, Fail2ban unbans all previously banned IPs. Is there any solution to prevent this? Or how can I force a new version of fail2ban to be installed (other than compiling it myself)?

-- nick